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SUBSTITUTE SPECIFICATION 

METHOD AND APPARATUS FOR PROTECTING 
SOFTWARE AGAINST UNAUTHRIZED USE 

BACKGROUND OF THE INVENTION 

1 . Field of the Invention 

[0001] The present invention relates generally to a method and apparatus 
for preventing the unauthorized use of software programs, and in particular, a 
method and apparatus of preventing the unauthorized use of software programs 
by unauthorized hardware devices. 

2. Description of Related Art 

[0002] The unauthorized use of software is a common problem for software 
developers and distributors. The use of personal computers at home and in the 
office has become widespread in the last decade. Software and hardware 
products provide a high level of functionality and their use is growing. Particularly, 
the use of personal computers at home is still rising and will extend further on. 
The more complex the software functionality and the greater the effort of 
development of the software the more important is the protection of software 
against unauthorized use. Although unauthorized copying of computer software is 
a violation of the law, the widespread availability of pirated software and limited 
enforcement capabilities have further enlarged the extension of software piracy. 
[0003] Furthermore, software is distributed in growing number in 
combination with special hardware devices. This bounding of hardware devices 
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with corresponding software utilities is often done to increase the value of 
hardware devices and to separate the bundled product from comparable products 
of competitors. Proprietary hardware devices with corresponding software are not 
subject to the problem of using hardware devices with software utilities of another 
manufacturer. But more and more hardware devices use standard interfaces to 
operate in combination with different software. Therefore, it is important for 
manufacturers to prevent the unauthorized use of software, which is developed to 
be distributed only in combination with the corresponding hardware devices. A 
further consideration of limiting the functionality of software with certain hardware 
devices can be a suitable means to tie a customer who purchased a hardware 
device to the same manufacturer. For example, the customer has to purchase the 
corresponding software product of the same manufacturer in order to gain access 
to all functions and options of the hardware. Therefore, the manufacturer is 
capable to calculate a mixed cost for the hardware and software products 
dependent upon the development expense. 

[0004] Current methods of preventing the unauthorized use of software are 
not effective enough or a nuisance. The use of license keys is not effective as can 
be seen from the high number of available tools to remove license key inquiries or 
the huge number of published unauthorized license keys in the internet. Methods 
to generate license keys can often be determined fast. Also, it is not possible to 
monitor the usage of the software and in particular which use should only be 
authorized in combination with particular hardware devices. 

[0005] An effective but uncomfortable method to protect the use of software 
is the use of hardware keys, called "dongles". These external devices execute a 
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certain algorithm to produce a code which the computer receives and affords 
access to the software code if the code is correct. While the use of hardware keys 
is an effective way to reduce software piracy, additional hardware keys raise the 
problem of connecting them to the computer which executes the software. 
Standardized input/output ports are available and technically sufficient but 
conflicts with other connected hardware occurs often. Hardware keys are also 
costly to produce and the combination with software is rather questionable. 
Hence, effective hardware keys are limited economically to software applications 
of high value. 

[0006] The problem associated with current protection methods of software 
is that there is no method available which combines the authorization process of 
software use with the check on certain hardware devices accessed by the 
software. 

SUMMARY OF THE INVENTION 

[0007] Therefore, there is a need for a secure and reasonable method and 
apparatus to prevent software bound to corresponding hardware devices from 
unauthorized use. The method and apparatus of protecting software against 
unauthorized use does not only secure the software use itself but also the 
unauthorized use of the software with comparable hardware devices of 
competitors. This is important in case of software which is additionally available. 
In order to employ the method and apparatus of the present invention at least one 
hardware device has to comprise a unique unalterable identification sequence 
such as identification numbers, serial numbers or other embedded unique code 
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sequences which can be read out by the software and enable an unambiguous 
identification. This object is attained by the appended claims of the present 
invention. 

[0008] A license key stored in the software or accessible by the software is 
required for executing the software. The kind of access of the software to the 
license key depends on the device able to execute the software. It is 
advantageous to store the license key in a separate file when the software is 
developed to be executed on a common personal computers. The software reads 
out the unique hardware identification sequence from the associated hardware 
module. The license key contains also at least one hardware identification 
sequence. The read out sequence and the contained sequences are compared. 
The use of the software is permitted and execution is allowed if both sequences 
match. The contained hardware identification sequences are co-coded in a 
license key which can also contain an additional classical software license key. 
The additional classical software license key can contain further software related 
information, e.g. sequences to identify the software program, sequences to 
identify the manufacturer or distributor of the software program and the like. The 
comparison of the contained hardware identification sequence and the read out 
identification sequence by the software allows to select between different 
authorization conditions. Therefore, it is possible to allow the use of the software 
by a certain sequence of identified hardware devices comprising the correct 
hardware identification sequence. The software license key need not only contain 
a single hardware identification sequence but a variety of sequences could be 
contained wherein only one or some contained sequences have to match. The 
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hardware devices do not have to be connected electrically to the computer or a 
comparable device able to execute the software since wireless connections are 
getting more and more important especially also for home use. 
[0009] Preferably, the hardware numbers which are contained in the license 
key are encrypted. There are several methods to encrypt the desired hardware 
identification sequences and co-code them in the required license key. 
[0010] Conveniently, the encrypted hardware identification sequences are 
decrypted by using a secret key. This secret key is implemented and coded in the 
software code, respectively. The manufacturer or distributor of the software has to 
know the hardware identification sequences of the corresponding hardware 
devices w hich s hould bee ontained i n t he I icense k ey. T he s ame s ecret key is 
used for encrypting this sequence and for decrypting. A comparable method is to 
use a secret algorithm instead of a secret key. The same algorithm is used to 
encrypt as also to decrypt the hardware identification sequences contained in the 
license key. Therefore, this algorithm has to be implemented or coded in the 
software code, respectively. These two methods offer a relative protection against 
unauthorized use of the software. Moreover, these methods are implemented 
economically in software utilities of low costs. 

[0011] More preferably, a public key encryption method is used to generate 
the license key and to retrieve the hardware identification sequences during the 
software execution. A public key encryption method requires two different keys, 
the secret key and the public key. The secret key is used to encrypt data which 
can only be decrypted using the public key. Contrary to the above described 
encryption methods the encryption key or method can not be extracted out of the 
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software code. The secret key has not been implemented in the distributed 
software since the public key is sufficient to decrypt the contained hardware 
identification sequences. The secret key has only to be known to the responsible 
license key generating authority. The public key can be implemented in the 
software code but also submitted in combination with the license key or obtained 
via a web page or the like. 

[0012] Conveniently, a freely obtainable public key and information about 
the internal format of the license key would enable the possibility of constructing a 
"hacked" key for certain unauthorized hardware devices since the software 
program is not able to distinguish between a legal public key of an authorized 
party and a public key of an unauthorized source. Therefore, the coding of the 
public key is advantageous. 

[0013] Additionally, to prevent the simultaneous exchange of public key and 
license key, which would allow the unauthorized use of the software, the public 
key can be signed by a third authority. This signed public key is called generally a 
certificate. However, the signing of a key is based again on a public key 
encryption method described above. A corresponding pair of keys is used for 
encryption and decryption. The corresponding pair of keys is provided by a third 
party key authority often specialized for key providing. The public key of the 
manufacturer or distributor of the software is encrypted by the secret key of the 
third party key authority. In order to gain the public key which is used to decrypt 
the hardware identification sequences contained in the license key the 
corresponding public key of the third party key authority is applied to the 
certificate in order to decrypt the certificate. The staggered encryption by applying 
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two secret keys each known to different independent key authorities makes it 
more difficult to overcome the protection of the software in favor of unauthorized 
use. 

[0014] In case of the above described usage of a certificate distributed by 
the manufacturer or distributor of the software and a public key of a third key 
authority it is possible to distribute both the certificate and the third party public 
key via freely accessible sources. Possible sources can be for example a WEB 
server of the manufacturer or distributor providing the necessary certificate via 
WEB pages and download availability and providing additionally a hyperlink to 
WEB pages of the WEB server of the third party key authority in order to offer a 
complete set of certificate and public key to the vendor. 

[0015] Preferably, the software program is bond to at least one network 
interface module. Network interface modules comprise a unique identification 
sequence of worldwide validity known as medium access control layer (MAC) 
address. The MAC address is perfectly suited for use as unique identification 
sequence. More preferably, the software program is bond to at least one 
Bluetooth™ module which comprises also a worldwide valid MAC address. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0016] Throughout the following, reference numerals will be used in the 
drawings, and like reference numerals will be used throughout the figures in the 
description to describe corresponding parts of embodiments of the invention. 
[0017] Fig. 1 is a flow chart illustrating the method steps performed to 
activate the protected software the first time; 
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[0018] Fig. 2 is a flow chart illustrating the method steps performed to 
activate repeatedly the protected software after the first activation; 
[0019] Fig. 3 shows a possible arrangement of two personal computers 
each equipped with a Bluetooth™ network interface as a further example of a 
hardware arrangement; 

[0020] Fig. 4 shows a possible arrangement of a mobile terminal and a 
mobile phone each equipped with a Bluetooth™ n etwork i nterface a s a further 
example of a hardware arrangement; and 

[0021] Fig. 5 shows a further embodiment involving a controller unit like a 
mobile phone or a personal computer both equipped with a Bluetooth™ network 
interface to control a home electronic device like DVD-Player, VCR-Recorder. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 
[0022] Fig. 1 shows a flow chart as applied to apparatus used in 
implementing the present invention. The flow chart illustrates an embodiment 
according to the method and apparatus of the present invention. The shown 
embodiment applies the above described public key encryption method in 
combination with a signed public key and certificate, respectively. 
[0023] A typical exemplary scenario shall be described below to enlighten 
the virtue of the software protection method against unauthorized use. Hardware 
devices and the corresponding software can be purchased via the internet using a 
web shop of the manufacturer or distributor or via a classical shop. If the 
purchase is performed via the internet contact information like mail address or e- 
mail address are submitted to the vendor. The hardware devices and the 
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corresponding software are put together and sent to the purchaser. The 
respective hardware identification numbers can be obtained for example by the 
serial number of the hardware products. The unique hardware identification 
numbers and serial numbers are linked by a database system. To allow the use of 
the software also the license key has to be submitted to the purchaser. The 
hardware identification numbers are encrypted using a secret key according to a 
public key encryption method. In order to ensure a certain security of the secret 
key the encryption of the hardware identification numbers and the coding of the 
encrypted numbers in the license key should be performed by a single key 
authority to avoid a wide distribution of the secret key. The generated license key 
is submitted using preferably another way of submission. It is also possible that 
the license key has to be requested by the user. The user submits for example 
the serial number of the hardware devices in his property or the unique hardware 
identification numbers determined by a special software tool and a contact 
address to the key authority. The key authority has to be able to check the 
hardware numbers to ensure that the hardware device is authorized to be used in 
combination with t he s oftware. T he u ser i s n ow i n p ossession o f t he h ardware 
devices, the corresponding software and a personal license key. 
[0024] A public key according to the secret key has also to be provided. 
Coding of the public key would be the simplest but also an unsafe way of 
providing. According to the currently preferred embodiment the public key is 
provided as a certificate or signed public key. The signed public key involves a 
third party key authority which encrypts the public key according to the secret key 
used for encrypting the hardware identification numbers contained in the license 
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key. Both the signed public key and the public key of the third party key authority 
can be submitted to the user via e-mail or can be accessed by the user using the 
internet. 

[0025] The software can now decrypt the hardware identification numbers 
of the license key in a two step decryption. In a first decryption step the signed 
public key or certificate, respectively, is decrypted using the public key of the third 
party key authority. This decryption results in the public key of the manufacturer 
or distributor. The following second decryption step involving the gained public 
key and the license key results in revelation of the hardware numbers contained 
in the license key. The contained hardware numbers are now compared with the 
hardware identification numbers read out by the software of the accessible 
hardware devices. If the numbers match access to the software, its execution is 
permitted to the user. In the other case it is for example possible to permit access 
to the software with limited functionality. 

[0026] Due to the additional encryption of the public key used for decrypting 
the license key data, the manipulation of the software and thereupon the 
unauthorized use of the software is made more difficult in comparison to using a 
coded public key for decryption. The certificate ensures that only the public key of 
the manufacturer or distributor is a legal public key. Additionally, if the certificate 
and the corresponding public key of the third party key authority are submitted in 
any way parallel to the submission of the license key, the exchange of the keys is 
easier and once compromised keys can be exchanged against new secure ones. 
[0027] Fig. 2 is a flow chart illustrating the steps and functions of the 
method a nd a pparatus p erformed to a ctivate repeatedly t he p rotected s oftware 

10 



after the first activation. In the present embodiment according to Fig. 2 the public 
key of the third party authority or certificate, respectively, the public key of the 
manufacturer or distributor and the license key are stored. Each time the software 
is restarted the signed public key is decrypted using the public key of the 
manufacturer or distributor and subsequent the contained hardware identification 
numbers are decrypted and extracted for the license key and compared with the 
accessible hardware devices in order to ensure that the authorized hardware 
devices are used. This proceeding ensures that the public key of the 
manufacturer can not be exchanged against a public key of an authorized party. 
Hereby, a complete protection against misuse of the software program is given. 
[0028] Often software programs once installed on a computer system can 
not be copied and reinstalled on another one. In this case the protection against 
exchange of the public key of the manufacturer or distributor is not necessary any 
more. Hence, it can be sufficient to check only once the public key to ensure the 
origin of the public key from an authorized source. Only the decrypted certificate 
and the license key have to be stored which saves the execution of one 
decrypting process. The complete software protection is to be preferred, since the 
same decryption methods and algorithms are often used and the implementation 
of the complete staggered decryption process does not extend the software 
program to much. 

[0029] Fig. 3 shows a possible arrangement of two computers 301 each 
equipped with a Bluetooth™ network interface 303 as an example of a hardware 
arrangement. The both Bluetooth™ network interfaces 303 each comprise a 
unique hardware identification address. Both identification addresses can be read 
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out by both software installed on one of the both computers 301 since 
Bluetooth™ network interfaces 303 are accessible from each other and all 
network interface cards have to comprise a unique hardware identification 
address to recognize them worldwide. Software applying the protection method 
according to the present invention can be installed on one of the two computers 
and checking if at least two Bluetooth™ network interfaces 303 comprising certain 
hardware identification address are accessible. It is even possible to co-code 
additional license conditions. For example, it could be coded that one of the 
Bluetooth™ network interfaces 303 has to be connected electrically to the 
computer which executes the software and the other of the network 
interfaces 303 is accessed via radio frequency transmission 305. Obviously, the 
number of verified hardware devices comprising unique hardware identification 
addresses can vary according to the license conditions. 

[0030] Fig. 4 shows a possible arrangement of a mobile terminal 401 and a 
mobile phone 403 each equipped with a Bluetooth™ network interface 303, 405 
as a further example of a hardware arrangement. This arrangement is similar to 
the arrangement shown in Fig. 3. A mobile phone 403 is used for linking a mobile 
terminal 401 to an access server to the internet. The data communication 
between mobile phone 403 and mobile terminal 401 is performed using 
Bluetooth™ network interfaces 303, 405. A special software is implemented on 
the mobile terminal 401 which use is only authorized in combination with a mobile 
phone 403 of a certain manufacturer. The manufacturer of the Bluetooth™ 
network interface 405 plugged on the mobile phone 403 distributes the necessary 
communication software which shall only be usable if this certain Bluetooth™ 
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network interface 405 is connected. The software executed on the mobile terminal 
is protected against unauthorized use applying the method according to the 
present invention. The license key contains the Bluetooth™ hardware address of 
the Bluetooth™ network interface 405. The corresponding Bluetooth™ network 
interface 303 connected to the mobile terminal 401 is not involved in the 
verification process so that a Bluetooth™ network interface of any manufacturer 
can be used. 

[0031] Fig. 5 shows a further embodiment involving a controller unit like a 
mobile phone 403 or a personal computer 301 both equipped with a Bluetooth™ 
network interface 303 to control a home electronic device 501 like digital versatile 
disk player (DVD), video recorder (VCR), digital video recorder (DVCR). Rising 
numbers of features included in home electronic devices requires just operable 
user interfaces. Particularly, video processing devices comprising multiple 
features are suitable to be equipped with interface devices for remote controlling 
by another terminal device, e.g. personal computer, mobile phone or the similar 
devices able to execute controlling software. A Bluetooth™ network interface can 
be implemented as preferred interface device. Related controlling software 
executed on the controlling devices has to be protected and shall only be usable 
in combination with the home electronic device of the certain manufacturer but 
executable on controlling devices of several manufacturer. Therefore, the method 
of the present invention is suitable to prevent unauthorized use of the software for 
controlling unauthorized devices of a competitor which implement the same 
controlling interface. 
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[0032] The forgoing description of the preferred embodiment of the 
invention has been presented for the purpose of illustration and description. It is 
not intended to be exhaustive or to limit the invention to the precise form 
disclosed. Many modifications and variations are possible in light of the above 
teaching. It is intended that the scope of the invention be limited not by this 
detailed description, but rather by the claims appended hereto. 
[0033] The method and apparatus to prevent unauthorized software use 
applies a unique hardware identification sequence of hardware devices accessed 
by the software. The identification sequence is compared with coded sequences 
in a special license key comprising hardware identification sequences. To protect 
the contained hardware identification sequences against unauthorized 
manipulation the sequences can be encrypted using different encryption methods 
according to the desired degree of protection. Accordingly, software which use is 
bonded to certain hardware devices can be protected effectively and reasonably 
by employing the method of the present invention. 



14 



